RubyGems - inspec-core - Versions diffs - 2.1.67 - Mend

inspec-core 2.1.67

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (412) hide show

checksums.yaml +7 -0
data/CHANGELOG.md +3136 -0
data/Gemfile +56 -0
data/LICENSE +14 -0
data/MAINTAINERS.md +33 -0
data/MAINTAINERS.toml +52 -0
data/README.md +453 -0
data/bin/inspec +12 -0
data/docs/.gitignore +2 -0
data/docs/README.md +40 -0
data/docs/dev/control-eval.md +62 -0
data/docs/dsl_inspec.md +258 -0
data/docs/dsl_resource.md +100 -0
data/docs/glossary.md +99 -0
data/docs/habitat.md +192 -0
data/docs/inspec_and_friends.md +114 -0
data/docs/matchers.md +169 -0
data/docs/migration.md +293 -0
data/docs/platforms.md +119 -0
data/docs/plugin_kitchen_inspec.md +50 -0
data/docs/profiles.md +378 -0
data/docs/reporters.md +105 -0
data/docs/resources/aide_conf.md.erb +76 -0
data/docs/resources/apache.md.erb +67 -0
data/docs/resources/apache_conf.md.erb +68 -0
data/docs/resources/apt.md.erb +71 -0
data/docs/resources/audit_policy.md.erb +47 -0
data/docs/resources/auditd.md.erb +79 -0
data/docs/resources/auditd_conf.md.erb +68 -0
data/docs/resources/bash.md.erb +75 -0
data/docs/resources/bond.md.erb +90 -0
data/docs/resources/bridge.md.erb +57 -0
data/docs/resources/bsd_service.md.erb +67 -0
data/docs/resources/chocolatey_package.md.erb +58 -0
data/docs/resources/command.md.erb +138 -0
data/docs/resources/cpan.md.erb +79 -0
data/docs/resources/cran.md.erb +64 -0
data/docs/resources/crontab.md.erb +89 -0
data/docs/resources/csv.md.erb +54 -0
data/docs/resources/dh_params.md.erb +205 -0
data/docs/resources/directory.md.erb +30 -0
data/docs/resources/docker.md.erb +219 -0
data/docs/resources/docker_container.md.erb +103 -0
data/docs/resources/docker_image.md.erb +94 -0
data/docs/resources/docker_service.md.erb +114 -0
data/docs/resources/elasticsearch.md.erb +242 -0
data/docs/resources/etc_fstab.md.erb +125 -0
data/docs/resources/etc_group.md.erb +75 -0
data/docs/resources/etc_hosts.md.erb +78 -0
data/docs/resources/etc_hosts_allow.md.erb +74 -0
data/docs/resources/etc_hosts_deny.md.erb +74 -0
data/docs/resources/file.md.erb +526 -0
data/docs/resources/filesystem.md.erb +41 -0
data/docs/resources/firewalld.md.erb +107 -0
data/docs/resources/gem.md.erb +79 -0
data/docs/resources/group.md.erb +61 -0
data/docs/resources/grub_conf.md.erb +101 -0
data/docs/resources/host.md.erb +86 -0
data/docs/resources/http.md.erb +197 -0
data/docs/resources/iis_app.md.erb +122 -0
data/docs/resources/iis_site.md.erb +135 -0
data/docs/resources/inetd_conf.md.erb +94 -0
data/docs/resources/ini.md.erb +76 -0
data/docs/resources/interface.md.erb +58 -0
data/docs/resources/iptables.md.erb +64 -0
data/docs/resources/json.md.erb +63 -0
data/docs/resources/kernel_module.md.erb +120 -0
data/docs/resources/kernel_parameter.md.erb +53 -0
data/docs/resources/key_rsa.md.erb +85 -0
data/docs/resources/launchd_service.md.erb +57 -0
data/docs/resources/limits_conf.md.erb +75 -0
data/docs/resources/login_defs.md.erb +71 -0
data/docs/resources/mount.md.erb +69 -0
data/docs/resources/mssql_session.md.erb +60 -0
data/docs/resources/mysql_conf.md.erb +99 -0
data/docs/resources/mysql_session.md.erb +74 -0
data/docs/resources/nginx.md.erb +79 -0
data/docs/resources/nginx_conf.md.erb +138 -0
data/docs/resources/npm.md.erb +60 -0
data/docs/resources/ntp_conf.md.erb +60 -0
data/docs/resources/oneget.md.erb +53 -0
data/docs/resources/oracledb_session.md.erb +52 -0
data/docs/resources/os.md.erb +141 -0
data/docs/resources/os_env.md.erb +91 -0
data/docs/resources/package.md.erb +120 -0
data/docs/resources/packages.md.erb +67 -0
data/docs/resources/parse_config.md.erb +103 -0
data/docs/resources/parse_config_file.md.erb +138 -0
data/docs/resources/passwd.md.erb +141 -0
data/docs/resources/pip.md.erb +67 -0
data/docs/resources/port.md.erb +137 -0
data/docs/resources/postgres_conf.md.erb +79 -0
data/docs/resources/postgres_hba_conf.md.erb +93 -0
data/docs/resources/postgres_ident_conf.md.erb +76 -0
data/docs/resources/postgres_session.md.erb +69 -0
data/docs/resources/powershell.md.erb +102 -0
data/docs/resources/processes.md.erb +109 -0
data/docs/resources/rabbitmq_config.md.erb +41 -0
data/docs/resources/registry_key.md.erb +158 -0
data/docs/resources/runit_service.md.erb +57 -0
data/docs/resources/security_policy.md.erb +47 -0
data/docs/resources/service.md.erb +121 -0
data/docs/resources/shadow.md.erb +146 -0
data/docs/resources/ssh_config.md.erb +73 -0
data/docs/resources/sshd_config.md.erb +83 -0
data/docs/resources/ssl.md.erb +119 -0
data/docs/resources/sys_info.md.erb +42 -0
data/docs/resources/systemd_service.md.erb +57 -0
data/docs/resources/sysv_service.md.erb +57 -0
data/docs/resources/upstart_service.md.erb +57 -0
data/docs/resources/user.md.erb +140 -0
data/docs/resources/users.md.erb +127 -0
data/docs/resources/vbscript.md.erb +55 -0
data/docs/resources/virtualization.md.erb +57 -0
data/docs/resources/windows_feature.md.erb +47 -0
data/docs/resources/windows_hotfix.md.erb +53 -0
data/docs/resources/windows_task.md.erb +95 -0
data/docs/resources/wmi.md.erb +81 -0
data/docs/resources/x509_certificate.md.erb +151 -0
data/docs/resources/xinetd_conf.md.erb +156 -0
data/docs/resources/xml.md.erb +85 -0
data/docs/resources/yaml.md.erb +69 -0
data/docs/resources/yum.md.erb +98 -0
data/docs/resources/zfs_dataset.md.erb +53 -0
data/docs/resources/zfs_pool.md.erb +47 -0
data/docs/ruby_usage.md +203 -0
data/docs/shared/matcher_be.md.erb +1 -0
data/docs/shared/matcher_cmp.md.erb +43 -0
data/docs/shared/matcher_eq.md.erb +3 -0
data/docs/shared/matcher_include.md.erb +1 -0
data/docs/shared/matcher_match.md.erb +1 -0
data/docs/shell.md +217 -0
data/examples/README.md +8 -0
data/examples/inheritance/README.md +65 -0
data/examples/inheritance/controls/example.rb +14 -0
data/examples/inheritance/inspec.yml +15 -0
data/examples/kitchen-ansible/.kitchen.yml +25 -0
data/examples/kitchen-ansible/Gemfile +19 -0
data/examples/kitchen-ansible/README.md +53 -0
data/examples/kitchen-ansible/files/nginx.repo +6 -0
data/examples/kitchen-ansible/tasks/main.yml +16 -0
data/examples/kitchen-ansible/test/integration/default/default.yml +5 -0
data/examples/kitchen-ansible/test/integration/default/web_spec.rb +28 -0
data/examples/kitchen-chef/.kitchen.yml +20 -0
data/examples/kitchen-chef/Berksfile +3 -0
data/examples/kitchen-chef/Gemfile +19 -0
data/examples/kitchen-chef/README.md +27 -0
data/examples/kitchen-chef/metadata.rb +7 -0
data/examples/kitchen-chef/recipes/default.rb +6 -0
data/examples/kitchen-chef/recipes/nginx.rb +30 -0
data/examples/kitchen-chef/test/integration/default/web_spec.rb +28 -0
data/examples/kitchen-puppet/.kitchen.yml +23 -0
data/examples/kitchen-puppet/Gemfile +20 -0
data/examples/kitchen-puppet/Puppetfile +25 -0
data/examples/kitchen-puppet/README.md +53 -0
data/examples/kitchen-puppet/manifests/site.pp +33 -0
data/examples/kitchen-puppet/metadata.json +11 -0
data/examples/kitchen-puppet/modules/.gitkeep +0 -0
data/examples/kitchen-puppet/test/integration/default/web_spec.rb +28 -0
data/examples/meta-profile/README.md +37 -0
data/examples/meta-profile/controls/example.rb +13 -0
data/examples/meta-profile/inspec.yml +13 -0
data/examples/profile-attribute.yml +2 -0
data/examples/profile-attribute/README.md +14 -0
data/examples/profile-attribute/controls/example.rb +11 -0
data/examples/profile-attribute/inspec.yml +8 -0
data/examples/profile-sensitive/README.md +29 -0
data/examples/profile-sensitive/controls/sensitive-failures.rb +9 -0
data/examples/profile-sensitive/controls/sensitive.rb +9 -0
data/examples/profile-sensitive/inspec.yml +8 -0
data/examples/profile/README.md +48 -0
data/examples/profile/controls/example.rb +23 -0
data/examples/profile/controls/gordon.rb +36 -0
data/examples/profile/controls/meta.rb +34 -0
data/examples/profile/inspec.yml +10 -0
data/examples/profile/libraries/gordon_config.rb +59 -0
data/inspec-core.gemspec +43 -0
data/lib/bundles/README.md +3 -0
data/lib/bundles/inspec-artifact.rb +7 -0
data/lib/bundles/inspec-artifact/README.md +1 -0
data/lib/bundles/inspec-artifact/cli.rb +277 -0
data/lib/bundles/inspec-compliance.rb +16 -0
data/lib/bundles/inspec-compliance/.kitchen.yml +20 -0
data/lib/bundles/inspec-compliance/README.md +193 -0
data/lib/bundles/inspec-compliance/api.rb +360 -0
data/lib/bundles/inspec-compliance/api/login.rb +193 -0
data/lib/bundles/inspec-compliance/bootstrap.sh +41 -0
data/lib/bundles/inspec-compliance/cli.rb +260 -0
data/lib/bundles/inspec-compliance/configuration.rb +103 -0
data/lib/bundles/inspec-compliance/http.rb +125 -0
data/lib/bundles/inspec-compliance/images/cc-token.png +0 -0
data/lib/bundles/inspec-compliance/support.rb +36 -0
data/lib/bundles/inspec-compliance/target.rb +106 -0
data/lib/bundles/inspec-compliance/test/integration/default/cli.rb +93 -0
data/lib/bundles/inspec-habitat.rb +12 -0
data/lib/bundles/inspec-habitat/cli.rb +36 -0
data/lib/bundles/inspec-habitat/log.rb +10 -0
data/lib/bundles/inspec-habitat/profile.rb +391 -0
data/lib/bundles/inspec-init.rb +8 -0
data/lib/bundles/inspec-init/README.md +31 -0
data/lib/bundles/inspec-init/cli.rb +97 -0
data/lib/bundles/inspec-init/templates/profile/README.md +3 -0
data/lib/bundles/inspec-init/templates/profile/controls/example.rb +19 -0
data/lib/bundles/inspec-init/templates/profile/inspec.yml +8 -0
data/lib/bundles/inspec-init/templates/profile/libraries/.gitkeep +0 -0
data/lib/bundles/inspec-supermarket.rb +13 -0
data/lib/bundles/inspec-supermarket/README.md +45 -0
data/lib/bundles/inspec-supermarket/api.rb +84 -0
data/lib/bundles/inspec-supermarket/cli.rb +73 -0
data/lib/bundles/inspec-supermarket/target.rb +34 -0
data/lib/fetchers/git.rb +163 -0
data/lib/fetchers/local.rb +74 -0
data/lib/fetchers/mock.rb +35 -0
data/lib/fetchers/url.rb +247 -0
data/lib/inspec.rb +24 -0
data/lib/inspec/archive/tar.rb +29 -0
data/lib/inspec/archive/zip.rb +19 -0
data/lib/inspec/backend.rb +93 -0
data/lib/inspec/base_cli.rb +368 -0
data/lib/inspec/cached_fetcher.rb +66 -0
data/lib/inspec/cli.rb +292 -0
data/lib/inspec/completions/bash.sh.erb +45 -0
data/lib/inspec/completions/fish.sh.erb +34 -0
data/lib/inspec/completions/zsh.sh.erb +61 -0
data/lib/inspec/control_eval_context.rb +179 -0
data/lib/inspec/dependencies/cache.rb +72 -0
data/lib/inspec/dependencies/dependency_set.rb +92 -0
data/lib/inspec/dependencies/lockfile.rb +115 -0
data/lib/inspec/dependencies/requirement.rb +123 -0
data/lib/inspec/dependencies/resolver.rb +86 -0
data/lib/inspec/describe.rb +27 -0
data/lib/inspec/dsl.rb +66 -0
data/lib/inspec/dsl_shared.rb +33 -0
data/lib/inspec/env_printer.rb +157 -0
data/lib/inspec/errors.rb +14 -0
data/lib/inspec/exceptions.rb +12 -0
data/lib/inspec/expect.rb +45 -0
data/lib/inspec/fetcher.rb +45 -0
data/lib/inspec/file_provider.rb +275 -0
data/lib/inspec/formatters.rb +3 -0
data/lib/inspec/formatters/base.rb +259 -0
data/lib/inspec/formatters/json_rspec.rb +20 -0
data/lib/inspec/formatters/show_progress.rb +12 -0
data/lib/inspec/library_eval_context.rb +58 -0
data/lib/inspec/log.rb +11 -0
data/lib/inspec/metadata.rb +247 -0
data/lib/inspec/method_source.rb +24 -0
data/lib/inspec/objects.rb +14 -0
data/lib/inspec/objects/attribute.rb +75 -0
data/lib/inspec/objects/control.rb +61 -0
data/lib/inspec/objects/describe.rb +92 -0
data/lib/inspec/objects/each_loop.rb +36 -0
data/lib/inspec/objects/list.rb +15 -0
data/lib/inspec/objects/or_test.rb +40 -0
data/lib/inspec/objects/ruby_helper.rb +15 -0
data/lib/inspec/objects/tag.rb +27 -0
data/lib/inspec/objects/test.rb +87 -0
data/lib/inspec/objects/value.rb +27 -0
data/lib/inspec/plugins.rb +60 -0
data/lib/inspec/plugins/cli.rb +24 -0
data/lib/inspec/plugins/fetcher.rb +86 -0
data/lib/inspec/plugins/resource.rb +135 -0
data/lib/inspec/plugins/secret.rb +15 -0
data/lib/inspec/plugins/source_reader.rb +40 -0
data/lib/inspec/polyfill.rb +12 -0
data/lib/inspec/profile.rb +513 -0
data/lib/inspec/profile_context.rb +208 -0
data/lib/inspec/profile_vendor.rb +66 -0
data/lib/inspec/reporters.rb +60 -0
data/lib/inspec/reporters/automate.rb +76 -0
data/lib/inspec/reporters/base.rb +25 -0
data/lib/inspec/reporters/cli.rb +356 -0
data/lib/inspec/reporters/json.rb +116 -0
data/lib/inspec/reporters/json_min.rb +48 -0
data/lib/inspec/reporters/junit.rb +78 -0
data/lib/inspec/require_loader.rb +33 -0
data/lib/inspec/resource.rb +190 -0
data/lib/inspec/rule.rb +280 -0
data/lib/inspec/runner.rb +345 -0
data/lib/inspec/runner_mock.rb +41 -0
data/lib/inspec/runner_rspec.rb +175 -0
data/lib/inspec/runtime_profile.rb +26 -0
data/lib/inspec/schema.rb +213 -0
data/lib/inspec/secrets.rb +19 -0
data/lib/inspec/secrets/yaml.rb +30 -0
data/lib/inspec/shell.rb +220 -0
data/lib/inspec/shell_detector.rb +90 -0
data/lib/inspec/source_reader.rb +29 -0
data/lib/inspec/version.rb +8 -0
data/lib/matchers/matchers.rb +339 -0
data/lib/resources/aide_conf.rb +151 -0
data/lib/resources/apache.rb +48 -0
data/lib/resources/apache_conf.rb +149 -0
data/lib/resources/apt.rb +149 -0
data/lib/resources/audit_policy.rb +63 -0
data/lib/resources/auditd.rb +231 -0
data/lib/resources/auditd_conf.rb +46 -0
data/lib/resources/bash.rb +35 -0
data/lib/resources/bond.rb +69 -0
data/lib/resources/bridge.rb +122 -0
data/lib/resources/chocolatey_package.rb +78 -0
data/lib/resources/command.rb +73 -0
data/lib/resources/cpan.rb +58 -0
data/lib/resources/cran.rb +64 -0
data/lib/resources/crontab.rb +169 -0
data/lib/resources/csv.rb +56 -0
data/lib/resources/dh_params.rb +77 -0
data/lib/resources/directory.rb +25 -0
data/lib/resources/docker.rb +236 -0
data/lib/resources/docker_container.rb +89 -0
data/lib/resources/docker_image.rb +83 -0
data/lib/resources/docker_object.rb +57 -0
data/lib/resources/docker_service.rb +90 -0
data/lib/resources/elasticsearch.rb +169 -0
data/lib/resources/etc_fstab.rb +94 -0
data/lib/resources/etc_group.rb +154 -0
data/lib/resources/etc_hosts.rb +66 -0
data/lib/resources/etc_hosts_allow_deny.rb +112 -0
data/lib/resources/file.rb +298 -0
data/lib/resources/filesystem.rb +31 -0
data/lib/resources/firewalld.rb +143 -0
data/lib/resources/gem.rb +70 -0
data/lib/resources/groups.rb +215 -0
data/lib/resources/grub_conf.rb +227 -0
data/lib/resources/host.rb +306 -0
data/lib/resources/http.rb +253 -0
data/lib/resources/iis_app.rb +101 -0
data/lib/resources/iis_site.rb +148 -0
data/lib/resources/inetd_conf.rb +54 -0
data/lib/resources/ini.rb +29 -0
data/lib/resources/interface.rb +129 -0
data/lib/resources/iptables.rb +80 -0
data/lib/resources/json.rb +111 -0
data/lib/resources/kernel_module.rb +107 -0
data/lib/resources/kernel_parameter.rb +58 -0
data/lib/resources/key_rsa.rb +63 -0
data/lib/resources/limits_conf.rb +46 -0
data/lib/resources/login_def.rb +57 -0
data/lib/resources/mount.rb +88 -0
data/lib/resources/mssql_session.rb +101 -0
data/lib/resources/mysql.rb +82 -0
data/lib/resources/mysql_conf.rb +127 -0
data/lib/resources/mysql_session.rb +85 -0
data/lib/resources/nginx.rb +96 -0
data/lib/resources/nginx_conf.rb +226 -0
data/lib/resources/npm.rb +48 -0
data/lib/resources/ntp_conf.rb +51 -0
data/lib/resources/oneget.rb +71 -0
data/lib/resources/oracledb_session.rb +139 -0
data/lib/resources/os.rb +36 -0
data/lib/resources/os_env.rb +86 -0
data/lib/resources/package.rb +370 -0
data/lib/resources/packages.rb +111 -0
data/lib/resources/parse_config.rb +112 -0
data/lib/resources/passwd.rb +76 -0
data/lib/resources/pip.rb +130 -0
data/lib/resources/platform.rb +109 -0
data/lib/resources/port.rb +771 -0
data/lib/resources/postgres.rb +131 -0
data/lib/resources/postgres_conf.rb +114 -0
data/lib/resources/postgres_hba_conf.rb +90 -0
data/lib/resources/postgres_ident_conf.rb +79 -0
data/lib/resources/postgres_session.rb +71 -0
data/lib/resources/powershell.rb +67 -0
data/lib/resources/processes.rb +204 -0
data/lib/resources/rabbitmq_conf.rb +51 -0
data/lib/resources/registry_key.rb +297 -0
data/lib/resources/security_policy.rb +180 -0
data/lib/resources/service.rb +794 -0
data/lib/resources/shadow.rb +159 -0
data/lib/resources/ssh_conf.rb +97 -0
data/lib/resources/ssl.rb +99 -0
data/lib/resources/sys_info.rb +28 -0
data/lib/resources/toml.rb +32 -0
data/lib/resources/users.rb +654 -0
data/lib/resources/vbscript.rb +68 -0
data/lib/resources/virtualization.rb +247 -0
data/lib/resources/windows_feature.rb +84 -0
data/lib/resources/windows_hotfix.rb +35 -0
data/lib/resources/windows_task.rb +102 -0
data/lib/resources/wmi.rb +110 -0
data/lib/resources/x509_certificate.rb +137 -0
data/lib/resources/xinetd.rb +106 -0
data/lib/resources/xml.rb +46 -0
data/lib/resources/yaml.rb +43 -0
data/lib/resources/yum.rb +180 -0
data/lib/resources/zfs_dataset.rb +60 -0
data/lib/resources/zfs_pool.rb +49 -0
data/lib/source_readers/flat.rb +39 -0
data/lib/source_readers/inspec.rb +75 -0
data/lib/utils/command_wrapper.rb +27 -0
data/lib/utils/convert.rb +12 -0
data/lib/utils/database_helpers.rb +77 -0
data/lib/utils/enumerable_delegation.rb +9 -0
data/lib/utils/erlang_parser.rb +192 -0
data/lib/utils/file_reader.rb +25 -0
data/lib/utils/filter.rb +273 -0
data/lib/utils/filter_array.rb +27 -0
data/lib/utils/find_files.rb +47 -0
data/lib/utils/hash.rb +41 -0
data/lib/utils/json_log.rb +18 -0
data/lib/utils/latest_version.rb +22 -0
data/lib/utils/modulator.rb +12 -0
data/lib/utils/nginx_parser.rb +105 -0
data/lib/utils/object_traversal.rb +49 -0
data/lib/utils/parser.rb +274 -0
data/lib/utils/pkey_reader.rb +15 -0
data/lib/utils/plugin_registry.rb +93 -0
data/lib/utils/simpleconfig.rb +120 -0
data/lib/utils/spdx.rb +13 -0
data/lib/utils/spdx.txt +344 -0
metadata +713 -0

data/lib/inspec/profile_context.rb ADDED

@@ -0,0 +1,208 @@
+# encoding: utf-8
+# author: Dominik Richter
+# author: Christoph Hartmann
+require 'inspec/log'
+require 'inspec/rule'
+require 'inspec/resource'
+require 'inspec/library_eval_context'
+require 'inspec/control_eval_context'
+require 'inspec/require_loader'
+require 'securerandom'
+require 'inspec/objects/attribute'
+module Inspec
+  class ProfileContext
+    def self.for_profile(profile, backend, attributes)
+      new(profile.name, backend, { 'profile' => profile,
+                                   'attributes' => attributes,
+                                   'check_mode' => profile.check_mode })
+    end
+    attr_reader :attributes, :profile_id, :resource_registry, :backend
+    attr_accessor :rules
+    def initialize(profile_id, backend, conf)
+      if backend.nil?
+        raise 'ProfileContext is initiated with a backend == nil. ' \
+             'This is a backend error which must be fixed upstream.'
+      end
+      @profile_id = profile_id
+      @backend = backend
+      @conf = conf.dup
+      @skip_only_if_eval = @conf['check_mode']
+      @rules = {}
+      @control_subcontexts = []
+      @lib_subcontexts = []
+      @require_loader = ::Inspec::RequireLoader.new
+      @attributes = []
+      # A local resource registry that only contains resources defined
+      # in the transitive dependency tree of the loaded profile.
+      @resource_registry = Inspec::Resource.new_registry
+      @library_eval_context = Inspec::LibraryEvalContext.create(@resource_registry, @require_loader)
+      @current_load = nil
+    end
+    def dependencies
+      if @conf['profile'].nil?
+        {}
+      else
+        @conf['profile'].locked_dependencies
+      end
+    end
+    def to_resources_dsl
+      Inspec::Resource.create_dsl(self)
+    end
+    def control_eval_context
+      @control_eval_context ||= begin
+                                  ctx = Inspec::ControlEvalContext.create(self, to_resources_dsl)
+                                  ctx.new(@backend, @conf, dependencies, @require_loader, @skip_only_if_eval)
+                                end
+    end
+    def reload_dsl
+      @control_eval_context = nil
+    end
+    def profile_supports_platform?
+      return true if @conf['profile'].nil?
+      @conf['profile'].supports_platform?
+    end
+    def profile_supports_inspec_version?
+      return true if @conf['profile'].nil?
+      @conf['profile'].supports_runtime?
+    end
+    def remove_rule(id)
+      @rules[id] = nil if @rules.key?(id)
+      @control_subcontexts.each do |c|
+        c.remove_rule(id)
+      end
+    end
+    def all_controls
+      ret = @rules.values
+      ret += @control_subcontexts.map(&:all_rules).flatten
+      ret
+    end
+    alias all_rules all_controls
+    def subcontext_by_name(name)
+      found = @lib_subcontexts.find { |c| c.profile_id == name }
+      if !found
+        @lib_subcontexts.each do |c|
+          found = c.subcontext_by_name(name)
+          break if found
+        end
+      end
+      found
+    end
+    def add_resources(context)
+      @resource_registry.merge!(context.resource_registry)
+      control_eval_context.add_resources(context)
+      @lib_subcontexts << context
+      reload_dsl
+    end
+    def add_subcontext(context)
+      @control_subcontexts << context
+    end
+    def load_libraries(libs)
+      lib_prefix = 'libraries' + File::SEPARATOR
+      autoloads = []
+      libs.sort_by! { |l| l[1] } # Sort on source path so load order is deterministic
+      libs.each do |content, source, line|
+        path = source
+        if source.start_with?(lib_prefix)
+          path = source.sub(lib_prefix, '')
+          autoloads.push(path) if File.dirname(path) == '.'
+        end
+        @require_loader.add(path, content, source, line)
+      end
+      # load all files directly that are flat inside the libraries folder
+      autoloads.each do |path|
+        next unless path.end_with?('.rb')
+        load_library_file(*@require_loader.load(path)) unless @require_loader.loaded?(path)
+      end
+      reload_dsl
+    end
+    def load_control_file(*args)
+      # Set `skip_file` to `false` between file loads to prevent skips from spanning multiple control files
+      control_eval_context.skip_file = false
+      load_with_context(control_eval_context, *args)
+    end
+    alias load load_control_file
+    def load_library_file(*args)
+      load_with_context(@library_eval_context, *args)
+    end
+    def load_with_context(context, content, source = nil, line = nil)
+      Inspec::Log.debug("Loading #{source || '<anonymous content>'} into #{self}")
+      @current_load = { file: source }
+      if content.is_a? Proc
+        context.instance_eval(&content)
+      elsif source.nil? && line.nil?
+        context.instance_eval(content)
+      else
+        context.instance_eval(content, source || 'unknown', line || 1)
+      end
+    end
+    def unregister_rule(id)
+      @rules.delete(full_id(@profile_id, id))
+    end
+    attr_reader :current_load
+    def register_rule(r)
+      # get the full ID
+      file = if @current_load.nil?
+               'unknown'
+             else
+               @current_load[:file] || 'unknown'
+             end
+      r.instance_variable_set(:@__file, file)
+      r.instance_variable_set(:@__group_title, current_load[:title])
+      # add the rule to the registry
+      fid = full_id(Inspec::Rule.profile_id(r), Inspec::Rule.rule_id(r))
+      existing = @rules[fid]
+      if existing.nil?
+        @rules[fid] = r
+      else
+        Inspec::Rule.merge(existing, r)
+      end
+    end
+    def register_attribute(name, options = {})
+      # we need to return an attribute object, to allow dermination of default values
+      attr = Attribute.new(name, options)
+      # read value from given gived values
+      attr.value = @conf['attributes'][attr.name] unless @conf['attributes'].nil?
+      @attributes.push(attr)
+      attr.value
+    end
+    def set_header(field, val)
+      @current_load[field] = val
+    end
+    private
+    def full_id(pid, rid)
+      return rid.to_s if pid.to_s.empty?
+      pid.to_s + '/' + rid.to_s
+    end
+  end
+end

data/lib/inspec/profile_vendor.rb ADDED

@@ -0,0 +1,66 @@
+# encoding: utf-8
+# author: Adam Leff
+require 'inspec/profile'
+module Inspec
+  class ProfileVendor
+    attr_reader :profile_path
+    def initialize(path)
+      @profile_path = Pathname.new(path)
+    end
+    def vendor!
+      vendor_dependencies
+    end
+    # The URL fetcher uses a Tempfile to retrieve the vendored
+    # profile, which creates a file that is only readable by
+    # the current user. In most circumstances, this is likely OK.
+    # However, in environments like a Habitat package, these files
+    # need to be readable by all users or the Habitat Supervisor
+    # may not be able to start InSpec correctly.
+    #
+    # This method makes sure all vendored files are mode 644 for this
+    # use case. This method is not called by default - the caller
+    # vendoring the profile must make the decision as to whether this
+    # is necessary.
+    def make_readable
+      Dir.glob("#{cache_path}/**/*") do |e|
+        FileUtils.chmod(0644, e) if File.file?(e)
+      end
+    end
+    def cache_path
+      profile_path.join('vendor')
+    end
+    def lockfile
+      profile_path.join('inspec.lock')
+    end
+    private
+    def profile
+      @profile ||= Inspec::Profile.for_target(profile_path.to_s, profile_opts)
+    end
+    def profile_opts
+      {
+        vendor_cache: Inspec::Cache.new(cache_path.to_s),
+        backend: Inspec::Backend.create(target: 'mock://'),
+      }
+    end
+    def vendor_dependencies
+      delete_vendored_data
+      File.write(lockfile, profile.generate_lockfile.to_yaml)
+    end
+    def delete_vendored_data
+      FileUtils.rm_rf(cache_path) if cache_path.exist?
+      File.delete(lockfile) if lockfile.exist?
+    end
+  end
+end

data/lib/inspec/reporters.rb ADDED

@@ -0,0 +1,60 @@
+require 'inspec/reporters/base'
+require 'inspec/reporters/cli'
+require 'inspec/reporters/json'
+require 'inspec/reporters/json_min'
+require 'inspec/reporters/junit'
+require 'inspec/reporters/automate'
+module Inspec::Reporters
+  def self.render(reporter, run_data)
+    name, config = reporter.dup
+    config[:run_data] = run_data
+    case name
+    when 'cli'
+      reporter = Inspec::Reporters::CLI.new(config)
+    when 'json'
+      reporter = Inspec::Reporters::Json.new(config)
+    when 'json-min'
+      reporter = Inspec::Reporters::JsonMin.new(config)
+    when 'junit'
+      reporter = Inspec::Reporters::Junit.new(config)
+    when 'automate'
+      reporter = Inspec::Reporters::Automate.new(config)
+    else
+      raise NotImplementedError, "'#{name}' is not a valid reporter type."
+    end
+    # optional send_report method on reporter
+    return reporter.send_report if defined?(reporter.send_report)
+    reporter.render
+    output = reporter.rendered_output
+    if config['file']
+      # create destination directory if it does not exist
+      dirname = File.dirname(config['file'])
+      FileUtils.mkdir_p(dirname) unless File.directory?(dirname)
+      File.write(config['file'], output)
+    elsif config['stdout'] == true
+      print output
+      STDOUT.flush
+    end
+  end
+  def self.report(reporter, run_data)
+    name, config = reporter.dup
+    config[:run_data] = run_data
+    case name
+    when 'json'
+      reporter = Inspec::Reporters::Json.new(config)
+    when 'json-min'
+      reporter = Inspec::Reporters::JsonMin.new(config)
+    else
+      # use base run_data hash for any other report
+      return run_data
+    end
+    reporter.report
+  end
+end

data/lib/inspec/reporters/automate.rb ADDED

@@ -0,0 +1,76 @@
+# encoding: utf-8
+require 'json'
+require 'net/http'
+module Inspec::Reporters
+  class Automate < Json
+    def initialize(config)
+      super(config)
+      # default to not verifying ssl for sending reports
+      @config['verify_ssl'] = @config['verify_ssl'] || false
+    end
+    def enriched_report
+      # grab the report from the parent class
+      final_report = report
+      # Label this content as an inspec_report
+      final_report[:type] = 'inspec_report'
+      final_report[:end_time] = Time.now.utc.strftime('%FT%TZ')
+      final_report[:node_uuid] = @config['node_uuid'] || @run_data[:platform][:uuid]
+      raise Inspec::ReporterError, 'Cannot find a UUID for your node. Please specify one via json-config.' if final_report[:node_uuid].nil?
+      final_report[:report_uuid] = uuid_from_string(final_report[:end_time] + final_report[:node_uuid])
+      # optional json-config passthrough options
+      %w{node_name environment roles recipies}.each do |option|
+        final_report[option.to_sym] = @config[option] unless @config[option].nil?
+      end
+      final_report
+    end
+    def send_report
+      headers = { 'Content-Type' => 'application/json' }
+      headers['x-data-collector-token'] = @config['token']
+      headers['x-data-collector-auth'] = 'version=1.0'
+      uri = URI(@config['url'])
+      req = Net::HTTP::Post.new(uri.path, headers)
+      req.body = enriched_report.to_json
+      begin
+        Inspec::Log.debug "Posting report to Chef Automate: #{uri.path}"
+        http = Net::HTTP.new(uri.hostname, uri.port)
+        http.use_ssl = uri.scheme == 'https'
+        if @config['verify_ssl'] == true
+          http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+        else
+          http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        end
+        http.request(req)
+        return true
+      rescue => e
+        Inspec::Log.error "send_report: POST to #{uri.path} returned: #{e.message}"
+        return false
+      end
+    end
+    private
+    # This hashes the passed string into SHA1.
+    # Then it downgrades the 160bit SHA1 to a 128bit
+    # then we format it as a valid UUIDv5.
+    def uuid_from_string(string)
+      hash = Digest::SHA1.new
+      hash.update(string)
+      ary = hash.digest.unpack('NnnnnN')
+      ary[2] = (ary[2] & 0x0FFF) | (5 << 12)
+      ary[3] = (ary[3] & 0x3FFF) | 0x8000
+      # rubocop:disable Style/FormatString
+      '%08x-%04x-%04x-%04x-%04x%08x' % ary
+    end
+  end
+end

data/lib/inspec/reporters/base.rb ADDED

@@ -0,0 +1,25 @@
+module Inspec::Reporters
+  class Base
+    attr_reader :run_data
+    def initialize(config)
+      @config = config
+      @run_data = config[:run_data]
+      @output = ''
+    end
+    def output(str, newline = true)
+      @output << str
+      @output << "\n" if newline
+    end
+    def rendered_output
+      @output
+    end
+    # each reporter must implement #render
+    def render
+      raise NotImplementedError, "#{self.class} must implement a `#render` method to format its output."
+    end
+  end
+end

data/lib/inspec/reporters/cli.rb ADDED

@@ -0,0 +1,356 @@
+# encoding: utf-8
+module Inspec::Reporters
+  class CLI < Base
+    case RUBY_PLATFORM
+    when /windows|mswin|msys|mingw|cygwin/
+      # Most currently available Windows terminals have poor support
+      # for ANSI extended colors
+      COLORS = {
+        'failed'   => "\033[0;1;31m",
+        'passed'   => "\033[0;1;32m",
+        'skipped'  => "\033[0;37m",
+        'reset'    => "\033[0m",
+      }.freeze
+      # Most currently available Windows terminals have poor support
+      # for UTF-8 characters so use these boring indicators
+      INDICATORS = {
+        'failed'   => '[FAIL]',
+        'skipped'  => '[SKIP]',
+        'passed'   => '[PASS]',
+        'unknown'  => '[UNKN]',
+      }.freeze
+    else
+      # Extended colors for everyone else
+      COLORS = {
+        'failed'   => "\033[38;5;9m",
+        'passed'   => "\033[38;5;41m",
+        'skipped'  => "\033[38;5;247m",
+        'reset'    => "\033[0m",
+      }.freeze
+      # Groovy UTF-8 characters for everyone else...
+      # ...even though they probably only work on Mac
+      INDICATORS = {
+        'failed'   => '×',
+        'skipped'  => '↺',
+        'passed'   => '✔',
+        'unknown'  => '?',
+      }.freeze
+    end
+    MULTI_TEST_CONTROL_SUMMARY_MAX_LEN = 60
+    def render
+      run_data[:profiles].each do |profile|
+        @control_count = 0
+        output('')
+        print_profile_header(profile)
+        print_standard_control_results(profile)
+        print_anonymous_control_results(profile)
+        output(format_message(
+                 indentation: 5,
+                 message: 'No tests executed.',
+        )) if @control_count == 0
+      end
+      output('')
+      print_profile_summary
+      print_tests_summary
+    end
+    private
+    def print_profile_header(profile)
+      output("Profile: #{format_profile_name(profile)}")
+      output("Version: #{profile[:version] || '(not specified)'}")
+      output("Target:  #{run_data[:platform][:target]}") unless run_data[:platform][:target].nil?
+      output('')
+    end
+    def print_standard_control_results(profile)
+      standard_controls_from_profile(profile).each do |control_from_profile|
+        control = Control.new(control_from_profile)
+        next if control.results.nil?
+        output(format_control_header(control))
+        control.results.each do |result|
+          output(format_result(control, result, :standard))
+          @control_count += 1
+        end
+      end
+      output('') if @control_count > 0
+    end
+    def print_anonymous_control_results(profile)
+      anonymous_controls_from_profile(profile).each do |control_from_profile|
+        control = Control.new(control_from_profile)
+        next if control.results.nil?
+        output(format_control_header(control))
+        control.results.each do |result|
+          output(format_result(control, result, :anonymous))
+          @control_count += 1
+        end
+      end
+    end
+    def format_profile_name(profile)
+      if profile[:title].nil?
+        (profile[:name] || 'unknown').to_s
+      else
+        "#{profile[:title]} (#{profile[:name] || 'unknown'})"
+      end
+    end
+    def format_control_header(control)
+      impact = control.impact_string
+      format_message(
+        color: impact,
+        indicator: impact,
+        message: control.title_for_report,
+      )
+    end
+    def format_result(control, result, type)
+      impact = control.impact_string_for_result(result)
+      message = if result[:status] == 'skipped'
+                  result[:skip_message]
+                elsif type == :anonymous
+                  result[:expectation_message]
+                else
+                  result[:code_desc]
+                end
+      # append any failure details to the message if they exist
+      message += "\n#{result[:message]}" if result[:message]
+      format_message(
+        color: impact,
+        indicator: impact,
+        indentation: 5,
+        message: message,
+      )
+    end
+    def format_message(message_info)
+      indicator = message_info[:indicator]
+      color = message_info[:color]
+      indentation = message_info.fetch(:indentation, 2)
+      message = message_info[:message]
+      message_to_format = ''
+      message_to_format += "#{INDICATORS[indicator]}  " unless indicator.nil?
+      message_to_format += message.to_s.lstrip
+      format_with_color(color, indent_lines(message_to_format, indentation))
+    end
+    def format_with_color(color_name, text)
+      return text if defined?(RSpec.configuration) && !RSpec.configuration.color
+      return text unless COLORS.key?(color_name)
+      "#{COLORS[color_name]}#{text}#{COLORS['reset']}"
+    end
+    def all_unique_controls
+      return @unique_controls unless @unique_controls.nil?
+      @unique_controls = Set.new
+      run_data[:profiles].each do |profile|
+        profile[:controls].map { |control| @unique_controls.add(control) }
+      end
+      @unique_controls
+    end
+    def profile_summary
+      failed = 0
+      skipped = 0
+      passed = 0
+      all_unique_controls.each do |control|
+        next if control[:id].start_with? '(generated from '
+        next unless control[:results]
+        if control[:results].any? { |r| r[:status] == 'failed' }
+          failed += 1
+        elsif control[:results].any? { |r| r[:status] == 'skipped' }
+          skipped += 1
+        else
+          passed += 1
+        end
+      end
+      total = failed + passed + skipped
+      {
+        'total' => total,
+        'failed' => failed,
+        'skipped' => skipped,
+        'passed' => passed,
+      }
+    end
+    def tests_summary
+      total = 0
+      failed = 0
+      skipped = 0
+      passed = 0
+      all_unique_controls.each do |control|
+        next unless control[:results]
+        control[:results].each do |result|
+          if result[:status] == 'failed'
+            failed += 1
+          elsif result[:status] == 'skipped'
+            skipped += 1
+          else
+            passed += 1
+          end
+        end
+      end
+      {
+        'total' => total,
+        'failed' => failed,
+        'skipped' => skipped,
+        'passed' => passed,
+      }
+    end
+    def print_profile_summary
+      summary = profile_summary
+      return unless summary['total'] > 0
+      success_str = summary['passed'] == 1 ? '1 successful control' : "#{summary['passed']} successful controls"
+      failed_str  = summary['failed'] == 1 ? '1 control failure' : "#{summary['failed']} control failures"
+      skipped_str = summary['skipped'] == 1 ? '1 control skipped' : "#{summary['skipped']} controls skipped"
+      success_color = summary['passed'] > 0 ? 'passed' : 'no_color'
+      failed_color = summary['failed'] > 0 ? 'failed' : 'no_color'
+      skipped_color = summary['skipped'] > 0 ? 'skipped' : 'no_color'
+      s = format(
+        'Profile Summary: %s, %s, %s',
+        format_with_color(success_color, success_str),
+        format_with_color(failed_color, failed_str),
+        format_with_color(skipped_color, skipped_str),
+      )
+      output(s) if summary['total'] > 0
+    end
+    def print_tests_summary
+      summary = tests_summary
+      failed_str = summary['failed'] == 1 ? '1 failure' : "#{summary['failed']} failures"
+      success_color = summary['passed'] > 0 ? 'passed' : 'no_color'
+      failed_color = summary['failed'] > 0 ? 'failed' : 'no_color'
+      skipped_color = summary['skipped'] > 0 ? 'skipped' : 'no_color'
+      s = format(
+        'Test Summary: %s, %s, %s',
+        format_with_color(success_color, "#{summary['passed']} successful"),
+        format_with_color(failed_color, failed_str),
+        format_with_color(skipped_color, "#{summary['skipped']} skipped"),
+      )
+      output(s)
+    end
+    def standard_controls_from_profile(profile)
+      profile[:controls].reject { |c| is_anonymous_control?(c) }
+    end
+    def anonymous_controls_from_profile(profile)
+      profile[:controls].select { |c| is_anonymous_control?(c) && !c[:results].nil? }
+    end
+    def is_anonymous_control?(control)
+      control[:id].start_with?('(generated from ')
+    end
+    def indent_lines(message, indentation)
+      message.lines.map { |line| ' ' * indentation + line }.join
+    end
+    class Control
+      attr_reader :data
+      def initialize(control_hash)
+        @data = control_hash
+      end
+      def id
+        data[:id]
+      end
+      def title
+        data[:title]
+      end
+      def results
+        data[:results]
+      end
+      def impact
+        data[:impact]
+      end
+      def anonymous?
+        id.start_with?('(generated from ')
+      end
+      def title_for_report
+        # if this is an anonymous control, just grab the resource title from any result entry
+        return results.first[:resource_title] if anonymous?
+        title_for_report = "#{id}: #{title || results.first[:resource_title]}"
+        # we will not add any additional data to the title if there's only
+        # zero or one test for this control.
+        return title_for_report if results.nil? || results.size <= 1
+        # append a failure summary if appropriate.
+        title_for_report += " (#{failure_count} failed)" if failure_count > 0
+        title_for_report += " (#{skipped_count} skipped)" if skipped_count > 0
+        title_for_report
+      end
+      def impact_string
+        if anonymous?
+          nil
+        elsif impact.nil?
+          'unknown'
+        elsif results&.find { |r| r[:status] == 'skipped' }
+          'skipped'
+        elsif results.nil? || results.empty? || results.all? { |r| r[:status] == 'passed' }
+          'passed'
+        else
+          'failed'
+        end
+      end
+      def impact_string_for_result(result)
+        if result[:status] == 'skipped'
+          'skipped'
+        elsif result[:status] == 'passed'
+          'passed'
+        elsif impact.nil?
+          'unknown'
+        else
+          'failed'
+        end
+      end
+      def failure_count
+        results.select { |r| r[:status] == 'failed' }.size
+      end
+      def skipped_count
+        results.select { |r| r[:status] == 'skipped' }.size
+      end
+    end
+  end
+end